Help with sessions on Log in and Log out



I am having some problem working with my script on session
stuffs. Well, i have a login page which authenticates users by
using sql script then if login is successful i have
PHP Code:

$_SESSSION['logged in']=true; and $_SESSION[userid]=$userid

and when login is true i have included the page based on the
access level of users . Like if it is a regular user i have
include "user.php" ; exit() and if admin i have included admin page.

Also i have a log out script which unsets the sessions variable
and distroy the session at last.
Also when admin loggs in to admin page i have a small php script
that checks for those session variables and if the are set and
"is true" then the pages are displayed.

My problem is when admin just comes out to the login page again
without log out it allows to login to the main page but in main
page if any < a href> link is clicked it goes back to login page.
So then i will have to go back and log out first and then log
in.. I am not sure why this strange things happens.
Also is there any way i can have a feature like when the users
click back button it wont allow to go back to that page unless he
is using the back button provided by the web interface.

I am new at the session stuffs, so i am not sure what i am doing
is really a safe way to code a php page. are there any other
things that i need to be aware of while using sessions.

Any suggestions or thoughts would be highly appreciated.
Thanks
.



Relevant Pages

  • Re: To allow access only from the designated site.
    ... as previously stated, js isnt required, i was just having fun, and as ... I want to allow access to it only from site "B" login user. ... one, which one, does one/both have a database, session support? ... and to a script on siteB, and uses RSA for the form, with B's public ...
    (comp.lang.php)
  • Re: To allow access only from the designated site.
    ... I want to allow access to it only from site "B" login user. ... what capabilities do both servers have, do they have php, does only ... one, which one, does one/both have a database, session support? ... and to a script on siteB, and uses RSA for the form, with B's public ...
    (comp.lang.php)
  • Re: To allow access only from the designated site.
    ... I want to allow access to it only from site "B" login user. ... one, which one, does one/both have a database, session support? ... JDS Computer Training Corp. ... and to a script on siteB, and uses RSA for the form, with B's public ...
    (comp.lang.php)
  • Re: BSM, SSH, and Session ID
    ... I don't think writing a 'script' to monitor anything at all for that purpose, is going to be ingenius enough to really matter. ... I would use it to track any basic commands like mv, cp, rm, scp, sftp, unlink. ... As long as you allow someone to login and run any arbitrary commands, they have the potential to avoid any logging or tracking you may set up. ... 'exec' events with that session ID and run as root. ...
    (Focus-SUN)
  • losing sessions anyway to keep them if globals are turned off?
    ... I have been having loads of probs with a login system I've been writing..it ... session if the correct name and pass have been entered. ... 2- then the admin page checks if the correct session exsists and if it does ... I'm using the same version of php on both server and local machine. ...
    (alt.php)